Enterprise

Will Security Worries Dull Ajax’s Cutting Edge?

The programming tool Ajax (Asynchronous JavaScript and XML) has proven integral to the latest popular Internet destinations and is winning the favor of corporate supporters, including IBM and Google, as well as developers. However, there are some security issues that may accompany this cutting-edge technology tool.

Security experts highlighted some of those issues at last week’s AjaxWorld Conference in California. Among them are the rapid proliferation of so-called “Web 2.0” applications that typically rely on Ajax, including Google Maps, MySpace and many others.

Still, there is really no need to put the brakes on development of the social networking, service oriented architecture (SOA), Ajax-fueled “mashups” that are currently emerging, Interarbor Solutions Principal Analyst Dana Gardner told LinuxInsider.

“Some are concerned about the chatty nature of the interaction between a server and client with XML (extensible markup language) and Ajax,” he said. “Inside a firewall, however, or with virtual private networks or controlled environments, it’s not too much of a concern.”

Trend 2.0

In addition to functioning as a programming key to popular new Web sites and services, Ajax plays a critical role in advancing the strategies of major technology players.

For example, Google recently released Version 1.0 of the Ajax Search API (application program interface), which allows Web site operators to provide an on-site search function using Ajax.

Big Blue also bolstered Ajax recently with its contribution of code and enhancements to open source developers — theEclipse Foundation’s Ajax Technology Framework (ATF) and the Mozilla Foundation.

The Ajax enhancements help eliminate the need to manually refresh a browser and can reduce the steps to complete an online transaction, IBM said.

“IBM believes the open technologies that make up Web 2.0 are essential drivers to help transform innovation and competitive advantage for our clients,” said Chief Technology Officer for Emerging Internet Technologies David Boloker in a keynote at AjaxWorld.

Hazardous Speed

Still, the explosion of rich applications that connect to consumers to Web servers via technologies such as Ajax has raised some security concerns.

One of the issues that came up at the AjaxWorld Conference is the supposed ability to sidestep security measures such as intrusion detection systems (IDS) or Secure Sockets Layer (SSL). There are fears that so-called “rich application clients” connected to network servers may introduce new security holes.

To make security matters worse, there is no way to prevent hot, new Web 2.0 applications from becoming popular and proliferating — along with their security risks, IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.

“Because Web 2.0 blew so fast, people are getting applications — and they’re getting faster uptake than they should,” Stiennon said.

Highlighting the dangers inherent in exposing “a pretty sophisticated interface” that relies on Ajax and a Web-based client-server application, Stiennon observed that popularity has its price.

“As consumer-facing things get popular, they become a bigger target as well,” he said.

Counter Opportunity

One key question as to how Web 2.0 applications will play out is how they will make their way into the enterprise, Gardner said.

The world of Web 2.0 is evolving quickly, he noted, but there are opportunities for infrastructure service providers to mitigate security problems.

“We’re seeing [the rapid growth of] an ecology of providers and supporters around rich applications,” Gardner said. “There are security and performance concerns, but we’re quickly seeing the emergence of solutions to counter them.”

1 Comment

  • Are any of these "Security Worries" real? I’ve yet to see any security issues with Ajax that 1) aren’t debunked immmediately or 2) affect web apps in general (and not Ajax specifically). I think articles like this do more damage to Ajax adoption than real security concerns.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

LinuxInsider Channels